Archived information

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting 2012-2013

Summary of the Assessment of Effectiveness of the System of Internal Control over Financial Reporting and the Action Plan for Fiscal Year 2012-2013

Table of Contents

1. Introduction

This document provides summary information on the measures taken by the Canadian International Development Agency (CIDA or the Agency) to maintain an effective system of internal control over financial reporting (ICFR) including information on internal control management and assessment results and related action plans.

Detailed information on the Agency's authority, mandate, and program activities can be found in Departmental Performance Report and Report on Plans and Priorities.

Disclaimer

On June 26, 2013, Economic Action Plan 2013 Act, No. 1, received Royal Assent amalgamating the former Department of Foreign Affairs and International Trade (DFAIT) and Canadian International Development Agency (CIDA), and thus creating the Department of Foreign Affairs, Trade and Development (DFATD). This annex presents CIDA's control environment, assessment results and future year commitments notwithstanding the amalgamation. Future year commitments will be reassessed in 2013-14 in the light of the DFATD processes, control environment and risks.

2. Departmental System of Internal Control over Financial Reporting

2.1 Internal Control Management

The Agency has a well established governance and accountability structure to support departmental assessment efforts and oversight of its system of internal control. A departmental internal control management framework (ICFR), is in place, which includes:

The scope of the ICFR extends well beyond the Chief Financial Officer Branch into major aspects of the Agency's information technology, legal and other business lines. Everyone in the Agency has a responsibility for internal control.

Deputy Minister – In the Federal Government, Deputy Heads have always had the responsibility to ensure that internal controls are regularly reviewed in the context of risk, ensuring that those internal controls are balanced against and proportional to the risks that they mitigate. The Agency's Deputy Minister, as Accounting Officer, assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control. In this role, the Deputy Minister chairs the Audit Committee and the Management Board and receives advice and recommendations from the members.

Chief Financial Officer (CFO) – The Agency's CFO reports directly to the Deputy Minister and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICFR, including its annual assessment.

Senior Managers – CIDA's senior managers in charge of program delivery or corporate branches are responsible for establishing and maintaining a system of internal control for their areas of responsibility and within the Agency's system of internal control.

Chief Audit Executive (CAE) – Consistent with the Policy on Internal Control (PIC), CIDA has a qualified CAE who establishes plans and performs risk-based internal audits necessary to provide an independent annual assurance report to the deputy head on the adequacy and effectiveness of risk management, control and governance processes within the Agency, which are instrumental to the maintenance of an effective system of ICFR.

Audit Committee (AC) – The Audit Committee is an advisory committee that provides objective advice to the Deputy Minister on the adequacy of the Agency's risk management, control and governance frameworks. It is comprised of three external members and one internal member, the Agency's President. As such, the committee reviews the Agency's Corporate Risk Profile and its system of internal control, including the annual assessment and action plans relating to the system of ICFR.

Management Board (MB) – Senior management commitment and sponsorship are imperative considering that the ICFR framework will impact many of the Agency's branches. As the Agency's central decision-making body, the Management Board reviews, approves and monitors the Corporate Risk Profile and the departmental system of internal control.

Corporate Reporting and Financial Controls group – The Corporate reporting and financial controls group plays an important part in managing the ICFR framework based on its current areas of responsibilities. The group is responsible for managing the ICFR framework and to coordinate the documentation and assessment of the key financial processes and internal controls.

2.2 Key Measures Taken by CIDA

CIDA's control environment includes a series of measures to equip its staff with the ability to manage risks through raising awareness, providing the appropriate knowledge and the necessary tools to develop such skills. CIDA focuses on the following key control elements:

2.3  Service Arrangements Relevant to Financial Statements

The Agency relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows:

Common Arrangements:

Specific Arrangements:

3. Departmental Assessment Results during Fiscal Year 2012-2013

This includes assessment of the design and operating effectiveness of the system of ICFR, leading to on-going monitoring and continuous improvement of the Agency's system of ICFR.

Assessing design effectiveness means that key control points are identified, documented, implemented and aligned with the risks they aim to mitigate, weaknesses are identified, and any required remediation is addressed. This includes the mapping of key IT systems, business processes to the main accounts, and other processes by location as applicable.

Assessing operating effectiveness means that the application of key controls has been tested over a defined period, that any weaknesses are identified and that any required remediation is addressed. Such testing covers all departmental control levels, including entity (corporate) level controls, IT general controls and business process controls.

On-going monitoring means that a systematic, integrated approach to monitoring is in place in support of continuous improvement, including periodic risk-based assessments and timely remediation.

During 2012-2013, the Agency completed most of its design effectiveness testing and operating effectiveness testing of key control areas. An internal control framework was established, which specifies, in particular, the roles and responsibilities and the control environment. 

As per plan, on-going monitoring has started in 2012-2013.

3.1 Design Effectiveness Testing of Key Controls

During the current year, the Agency completed its design effectiveness testing of the last remaining key control items:

Remediation of control deficiencies have for the most part been addressed in these control areas. Where feasible, remediation requirements were addressed as soon as the necessary adjustments had been identified. Otherwise, management action plans either were or are currently being developed to fully address the control weaknesses within a reasonable timeframe. A follow-up process on recommendations has been put in place to ensure that each of the remediation measures is being implemented as planned.

As a result of design effectiveness testing, the existence of relevant and strong financial controls was confirmed. The main control objectives pertaining to each process were generally well supported by appropriate control activities.

 The Agency identified the following remediation required:

3.2 Operating Effectiveness of Key Controls

In 2012-2013, the Agency completed operating effectiveness testing of the last remaining key controls items:

Required remediation has been completed for CIFA and accrued employee severance benefits, with remediation still in progress for professional services expenses and accrued liability for matching funds program. Where feasible, specific remediation requirements were addressed shortly after the necessary adjustments were identified. In other cases, management action plans are being developed to fully address the control weaknesses within a reasonable timeframe. A follow-up is performed on each of the remediation measures according to a monitoring program that will be established over the next year.

As a result of the operating effectiveness testing, although no significant deficiencies have been identified, the Agency identified the following remediation required:

3.3 On-going Monitoring Program

In 2012-2013, the Agency defined a draft strategy for the on-going monitoring of financial controls. This document outlines the rationale and the frequency of testing of key financial controls, for each significant process. This draft on-going monitoring program will be refined in the next fiscal years and is planned to be fully implemented in 2014-2015.

In the current year, the Agency completed planned on-going monitoring of entity level controls (ELC). Generally, the entity-level control objectives were met and supporting activities addressed the key risks over financial reporting.

As a result of on-going monitoring, the Agency identified the following remediation required:

4. CIDA's Action Plan

4.1 Progress during Fiscal Year 2012-2013

During 2012-2013, the Agency has continued to make significant progress in assessing and improving its key controls.

Below is a summary of the main progress made by the Agency based on the plans identified in the previous fiscal year's annex:
Element in previous year's action planStatus
Transfer payments responsive approach and program-based approach, loans to developing countries and IFIs, and budgeting and forecasting – design effectiveness testing and remediation of deficiencies.

Additional assessments of the design and operating effectiveness of key financial controls of field expenditures, in support of the decentralization of Agency operations.

Design effectiveness completed with remediation of design deficiencies substantially advanced for loans to developing countries and IFIs.

Remediation has started for transfer payments responsive approach and program-based approach, and for budgeting and forecasting.

Financial control assessments of field expenditures were not performed due to delays with the decentralization initiative.
Professional services expenses, Canada Investment Fund for Africa, accrued liability for matching funds program and accrued employee severance benefits – operating effectiveness testing and remediation of deficiencies.Operating effectiveness testing completed and remediation substantially advanced for Canada Investment Fund for Africa, accrued liability for matching funds program and accrued employee severance benefits.

Remediation has started for professional services expenses.
Entity level controls - On-going monitoring.Reassessment completed for entity level controls and remediation has started.
Internal control framework, which specifies, in particular, the roles and responsibilities and the control environment.An internal control framework was established.

4.2 Action Plan for the Next Fiscal Year and Subsequent Years

Building on progress to date, the Agency would be positioned to complete the assessment of its system of ICFR in 2013-2014.  At that time, the Agency would have been applying its rotational on-going monitoring plan to reassess control performance on a risk basis across all control areas.

The status and action plan for the completion of the identified control areas for the next fiscal year (2013-2014) and subsequent years is as follows:
Key Control AreasAssessment elements
Design effectiveness testing and remediationOperational effectiveness testing and remediationOn-going monitoring rotation Footnote 1
Entity level controlsCompleteNote 2Complete
IT general controls under departmental managementCompleteNote 2Note 1
Transfer payments: multilateral grants approachCompleteCompleteNote 1
Transfer payments: directive contributions approachCompleteNote 1Note 1
Transfer payments: responsive approachCompleteNote 1Note 1
Transfer payments: program-based approachCompleteNote 1Note 1
Salaries and employee benefitsCompleteCompleteNote 1
Professional and special services expensesCompleteCompleteNote 1
Gains and losses on foreign exchangeCompleteCompleteNote 1
Loans to developing countries and IFIsCompleteCompleteNote 1
Investments and advances to IFIsCompleteCompleteNote 1
Canada Investment Fund for AfricaCompleteCompleteNote 1
Prepaid expensesCompleteCompleteNote 1
General accounts payable and accrued liabilitiesCompleteCompleteNote 1
Accrued liability for Matching Funds ProgramCompleteCompleteNote 1
Accrued employee severance benefitsCompleteCompleteNote 1
Contractual obligationsCompleteCompleteNote 1
Contingent liabilitiesCompleteCompleteNote 1
Year-end closing and financial statements preparationCompleteCompleteNote 1
Adjusting journal entriesCompleteCompleteNote 1
Interdepartmental settlementsCompleteCompleteNote 1
Budgeting and forecastingCompleteNote 1Note 1
Field expendituresFinancial controls assessments are performed on the field on a rotational basis

Note 1: Effective June 26, 2013, the Government amalgamated the Department of Foreign Affairs and International Trade (DFAIT) and the Canadian International Development Agency (CIDA), and thus creating the Department of Foreign Affairs, Trade and Development (DFATD). This amalgamation will have an impact on the Policy on Internal Control implementation and more particularly future year commitments. The potential impact is to be reassessed by DFATD in 2013-2014.

Note 2: The operating effectiveness of the entity level controls and IT general controls is included as part of the Agency's overall assessment of all its business processes.

Date Modified: